On the road with third-party apps - Security, safety and privacy aspects of in-vehicle apps

In recent years the automotive industry has started to digitise their vehicles. Traditionally
cars have been equipped with radio, cassette or CD-players and more
recently so-called infotainment systems. The abilities of these infotainment systems
have developed over the years from only offering radio and navigation to now being
a powerful Internet connected device comparable to tablets and smartphones. Recently
several car manufacturers have announced the upcoming possibility to install
third-party apps into these infotainment systems. With the prospect of downloading
third-party code into a device that is integrated into a safety critical system, such
as a vehicle with multiple environment sensors, there is a concern for both safety
and user privacy.
In this thesis, the safety, security and privacy aspects of in-vehicle apps are investigated.
The thesis focuses on apps for the Android Automotive operating system
which some car manufacturers, including Volvo Car Corporation (VCC), have opted
to use in their infotainment systems.
It is concluded that in-vehicle Android apps are fundamentally as secure as regular
phone apps, the main differences stem from the fact that in-vehicle apps can affect
road safety. The traditional Android API poses several risks to road safety while
the Automotive version is more restricted it is still insufficient to not be a cause for
concern. Furthermore, the added APIs in Automotive constitutes an elevated risk
for user privacy. It is shown that the impact of these privacy risks can be mitigated
to some extent by vetting apps with state-of-the-art static analysis tools. Finally,
recommendations for security measures and vetting processes for secure in-vehicle
app stores are presented.

Skapa referens, olika format (klipp och klistra)

BibTeX @mastersthesis{Eriksson2018,author={Eriksson, Benjamin and GROTH, JONAS},title={On the road with third-party apps - Security, safety and privacy aspects of in-vehicle apps},abstract={In recent years the automotive industry has started to digitise their vehicles. Traditionally
cars have been equipped with radio, cassette or CD-players and more
recently so-called infotainment systems. The abilities of these infotainment systems
have developed over the years from only offering radio and navigation to now being
a powerful Internet connected device comparable to tablets and smartphones. Recently
several car manufacturers have announced the upcoming possibility to install
third-party apps into these infotainment systems. With the prospect of downloading
third-party code into a device that is integrated into a safety critical system, such
as a vehicle with multiple environment sensors, there is a concern for both safety
and user privacy.
In this thesis, the safety, security and privacy aspects of in-vehicle apps are investigated.
The thesis focuses on apps for the Android Automotive operating system
which some car manufacturers, including Volvo Car Corporation (VCC), have opted
to use in their infotainment systems.
It is concluded that in-vehicle Android apps are fundamentally as secure as regular
phone apps, the main differences stem from the fact that in-vehicle apps can affect
road safety. The traditional Android API poses several risks to road safety while
the Automotive version is more restricted it is still insufficient to not be a cause for
concern. Furthermore, the added APIs in Automotive constitutes an elevated risk
for user privacy. It is shown that the impact of these privacy risks can be mitigated
to some extent by vetting apps with state-of-the-art static analysis tools. Finally,
recommendations for security measures and vetting processes for secure in-vehicle
app stores are presented.},publisher={Institutionen för data- och informationsteknik (Chalmers), Chalmers tekniska högskola},place={Göteborg},year={2018},keywords={Android Automotive, security, safety, privacy, infotainment, information flow, static analysis, app stores.},note={82},}

RefWorks RT GenericSR ElectronicID 255949A1 Eriksson, BenjaminA1 GROTH, JONAST1 On the road with third-party apps - Security, safety and privacy aspects of in-vehicle appsYR 2018AB In recent years the automotive industry has started to digitise their vehicles. Traditionally
cars have been equipped with radio, cassette or CD-players and more
recently so-called infotainment systems. The abilities of these infotainment systems
have developed over the years from only offering radio and navigation to now being
a powerful Internet connected device comparable to tablets and smartphones. Recently
several car manufacturers have announced the upcoming possibility to install
third-party apps into these infotainment systems. With the prospect of downloading
third-party code into a device that is integrated into a safety critical system, such
as a vehicle with multiple environment sensors, there is a concern for both safety
and user privacy.
In this thesis, the safety, security and privacy aspects of in-vehicle apps are investigated.
The thesis focuses on apps for the Android Automotive operating system
which some car manufacturers, including Volvo Car Corporation (VCC), have opted
to use in their infotainment systems.
It is concluded that in-vehicle Android apps are fundamentally as secure as regular
phone apps, the main differences stem from the fact that in-vehicle apps can affect
road safety. The traditional Android API poses several risks to road safety while
the Automotive version is more restricted it is still insufficient to not be a cause for
concern. Furthermore, the added APIs in Automotive constitutes an elevated risk
for user privacy. It is shown that the impact of these privacy risks can be mitigated
to some extent by vetting apps with state-of-the-art static analysis tools. Finally,
recommendations for security measures and vetting processes for secure in-vehicle
app stores are presented.PB Institutionen för data- och informationsteknik (Chalmers), Chalmers tekniska högskola,PB Institutionen för data- och informationsteknik (Chalmers), Chalmers tekniska högskola,LA engLK http://publications.lib.chalmers.se/records/fulltext/255949/255949.pdfOL 30